Details
Description
The customer has a requirement to export audit logs every 10 minutes to minimize the potential impact of rogue activities. They do not have an Elasticsearch or Splunk log store. The only option currently available is therefore a Quay API log scrape.
The Quay API log scrape provides the necessary information; however, the customer cannot supply a time-of-day filter in the API query.
For example:
https://github.com/quay/quay/blob/ed86a102ce0c619033714e0afe30a71a331465f4/endpoints/api/logs.py#L132
(There are several other API audit log endpoints where this needs to be updated.)
The starttime and endtime parameters accept only the format "%m/%d/%Y".
The customer is requesting the format be extended to "%m/%d/%Y HH:MM:SS".
If the filter is amended, the customer can then regularly scrape, from a cron job, the last 10 minutes of audit records.
Currently the customer has to scrape all events from midnight to the current time and then filter out audit logs that have already been captured.
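The current workaround described above, sketched as an added example (not Quay's code or the customer's script): query with day-granular bounds, then keep only entries newer than the last run's checkpoint. The `datetime` and `kind` field names, the RFC 2822 timestamp format, and the inclusive `endtime` are assumptions, and the sample entries are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

API_DATE_FMT = "%m/%d/%Y"  # the only format starttime/endtime accept today


def query_params(checkpoint, now):
    """Day-granular bounds covering (checkpoint, now].

    starttime comes from the checkpoint's date, not today's, so a run just
    after midnight still fetches the tail of the previous day.
    Assumption: endtime includes the whole of the named day.
    """
    return {"starttime": checkpoint.strftime(API_DATE_FMT),
            "endtime": now.strftime(API_DATE_FMT)}


def new_entries(logs, checkpoint, now):
    """Return entries with checkpoint < timestamp <= now, oldest first."""
    fresh = []
    for entry in logs:
        # Assumption: each entry carries an RFC 2822 "datetime" string.
        ts = parsedate_to_datetime(entry["datetime"])
        if ts.tzinfo is None:  # a "-0000" offset parses as naive; treat as UTC
            ts = ts.replace(tzinfo=timezone.utc)
        if checkpoint < ts <= now:
            fresh.append((ts, entry))
    fresh.sort(key=lambda pair: pair[0])
    return [entry for _, entry in fresh]


# Constructed sample: a 10-minute window that straddles midnight UTC.
CHECKPOINT = datetime(2024, 3, 4, 23, 55, tzinfo=timezone.utc)  # end of last run
NOW = datetime(2024, 3, 5, 0, 5, tzinfo=timezone.utc)
SAMPLE_LOGS = [
    {"kind": "delete_tag", "datetime": "Tue, 05 Mar 2024 00:03:10 -0000"},
    {"kind": "pull_repo", "datetime": "Mon, 04 Mar 2024 23:50:00 -0000"},
    {"kind": "push_repo", "datetime": "Mon, 04 Mar 2024 23:55:00 -0000"},
    {"kind": "change_repo_permission", "datetime": "Mon, 04 Mar 2024 23:58:41 -0000"},
]

if __name__ == "__main__":
    print(query_params(CHECKPOINT, NOW))
    for e in new_entries(SAMPLE_LOGS, CHECKPOINT, NOW):
        print(e["datetime"], e["kind"])
```

Persist `NOW` as the next checkpoint only after the export succeeds, so a failed run is retried rather than skipped.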